Docker network help please

Currently reading
Docker network help please

Telos

Subscriber
2,838
897
NAS
DS418play, DS213j, DS3622+, DSM 7.2.4-11091
All of my containers seem to have an issue with internet access. I can't pick the exact moment but it either occurred after I installed Portainer (and who knows what I might have accidentally clicked), or... I have recently got a qbittorrent container running with a built-in VPN (it created a new network (no attached containers).

But my jdownloader containers cannot connect anywhere; same with a youtube downloader (tried youtube and Vimeo links), and now I started radarr for the first time and tried to add a new show and the search function never completed, not would a tracker test OK.

I'm at a loss here. All was well a few days ago.

Interestingly the qbittorrentvpn docker works and I can download through my VPN provider at a nice rate.

But any "normal" connection fails.

All I can think of at this time is to delete the qbittorentvpn container (and its created network).

Here's what I have...

Code:
docker network ls
NETWORK ID          NAME                     DRIVER              SCOPE
a721129ed026        adguard_bridge           bridge              local
eb1c68c30ef9        adguard_network          macvlan             local
bd7635c43078        bridge                   bridge              local
26569c45a8f1        host                     host                local
c12cddbfa80e        none                     null                local
f1f681b90828        qbittorrentvpn_default   bridge              local
 

Geeked

NAS Hosted
Subscriber
137
65
nashosted.com
NAS
DS918+, DS218+(2), RS820+
Operating system
  1. Linux
  2. macOS
  3. Windows
Mobile operating system
  1. iOS
Uh oh. Am I in trouble? I’d look in the Synology docker ui under network tab. You can go in and stop the container then edit it to access that. Make sure it’s using bridged network. Try that.
 

Telos

Subscriber
2,838
897
NAS
DS418play, DS213j, DS3622+, DSM 7.2.4-11091
Last edited:
That's where all my containers are (except Adguard Home) but it seems nothing is "bridged".

JbAMvMQ.png
dhEu4lR.png
 

Telos

Subscriber
2,838
897
NAS
DS418play, DS213j, DS3622+, DSM 7.2.4-11091
OK... YIKES>>> this is some kind of DNS problem...

Using Portainer (I'm edging towards scary dangerous here...) I edited the containers for the jdownloader and the youtube downloader, adding 8.8.8.8 to the DNS field. Saved and relaunched the containers, and both are working !!!

So... something is amiss with the bridge DNS. How do I troubleshoot that?

I'm further up on the learning curve that I have experience for... and I'm feeling a bit light-headed. Hoping someone can help me clear this up.
 
Last edited:
Portainer couldn't have done something that caused the behavior.

A VPN client on the other hand could have cause the behavior very much, especialy if the container runs in priviliged mode. Containers in privilged mode basicly run with "the host's root permissions" and are weak isolated compared to a normal container.

The default bridge network does not have a DNS server. Each container gets the file /etc/resolve.conf injected from the host. Whichever DNS servers are configured on the host, will be used inside the container.

Custom created bridge network on the other hand have a build in DNS Server, used to resolve service/container/service names of containers in the same network.

You can diagnose network problems with the netshoot container:
docker run -it --net container:<container_name> nicolaka/netshoot

This container provides an interacive shell with all required tools to troubleshoot network issues. It hooks into the "network interface" of another container (actualy it just hooks into the same namespace for the network interface used by the other container). The network behaves exactly like it would on the container you diagnose, with the difference that you have the swiss army knive of network troubleshooting tools at hand.

See: nicolaka/netshoot for further details.

Bonus: If you replace container:<container_name> with host, you can launch netshoot in the host's network namespace.
 

Telos

Subscriber
2,838
897
NAS
DS418play, DS213j, DS3622+, DSM 7.2.4-11091
Thanks 🍪 It's good to know that I couldn't have damaged anything with Portainer... particularly as I cleaned out all the "leftover volumes" that I assumed where orphaned.

I'm playing w/netshoot, though I'm not at all sure what I'm seeing. I do have the qbittorentvpn container set to run in privileged mode. I unchecked that and relaunched the container, but its IPort browser URL would not load.

So my connectivity issue seems to point to the qbittorentvpn container. I may delete it and try to set it up from scratch (as I went down several wrong rabbit trails before I got it to work).
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

  • Solved
I've changed the thread type. Now you can Mark as solution by clicking on this: Thank you.
Replies
6
Views
2,748
Replies
3
Views
226
  • Question
If your NAS indeed is a DS416j, then I am afraid your memory is playing a trick on you. The cpu of the...
Replies
4
Views
788
  • Solved
That is interesting to know. Thank you! Probably nothing. And after some further consideration, I feel...
Replies
4
Views
312
  • Question
I haven't thought about it as a file system level cache. If it is, it would make sense that both benefit...
Replies
8
Views
298
I am struggling with that since I am only a copy & paste hacker. I have installed netdata on my Synology...
Replies
0
Views
148

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top